When Ages and Revolutions Converge
January 4, 2012
By Roger Thompson

As this is my first post on ICSA Labs’ blog, I thought I’d take a little bit of time to explain how I currently see the malware world. For those who don’t know me, I’ve been dealing with viruses and assorted malware since 1987, which is about when the first viruses appeared.

One thing that’s clear is that viruses evolve in distinct ages and follow patterns. They come into existence in response to some new technology then spread and cause mischief for some years until an extinction-level event occurs and wipes them out briefly. That is, until a new technology breathes life into them again.
 
First Age of Malware Consists of Dos Viruses
 
For example, the first age of malware is defined as Dos viruses (That’s MsDos, the operating system, not Denial of Service), and can be measured from about 1987 to 1995, when Windows 95 was released. Win95 was the first protected mode operating system, Dos viruses were incompatible with Win 95, and were thus largely wiped out as soon as Win 95 became widely adopted.
 
While this was an extinction-level event, Office 95 was released at the same time as Win95. Office 95 contained a powerful macro language, which allowed viruses to be written in Visual Basic for Applications.  (As an aside, it was always possible to write viruses in high-level languages, like Basic or C, but it was considered lame by virus writers to write in anything other than Assembler.)    
 
Nevertheless, writing in visual basic became a way forward for would-be virus writers. Not only would the old virus-writing techniques no longer work, but anti-virus programs did not catch viruses embedded in documents.
 
Since then, there have been multiple ages and extinction level events, but the last noticeable extinction level event was the release of Win XP Service Pack 2 in 2004. In this release, the firewall was on by default for the first time. This essentially meant that worms could no longer simply blast their way into an unpatched system.
 
Commercial Internet Spawns A New Age
 
By now, it is fairly obvious that the bad guys do not give up, but instead find a new way into systems. By 2005, it was clear that the World Wide Web (sometimes known as World War Web) was the new path for malware. 
 
Here is how this type of malware takes advantages of web surfing: when you start a web browser, you start it from inside the firewall, and thus create a trusted tunnel right through the firewall. If you happen to visit a website of hostile intent, then the code blasts right through the firewall, and has a chance of executing at the desktop.
 
This age is still underway. An increasing number of criminals, both organized and opportunistic, continue to enter the fray. If this were a baseball game, I would estimate we are in about the fourth inning.
 
What this means is that there is plenty of life left in this game, all by itself, but there is another factor at play. I do not think enough people are thinking about this factor, or maybe do not even understand it. These factors—a new “revolution” and the next malware age—are converging in a way to put the world in a genuinely precarious place, which I will discuss below.
 
Computer Revolution Emerges to Change History
 
Human history has seen three great revolutions. The first was the Agricultural Revolution, where people stopped being nomads and started farming. This revolution took a thousand years to happen, but the effect on society was enormous. The second great revolution was the Industrial Revolution, where people essentially stopped farming and moved to towns and started factories. This revolution took perhaps a hundred years to happen, but the effect on society was just as great. The third revolution was the Computer Revolution, which has happened over just a few decades, but the effect on society is, once again, enormous.
 
I believe that, as well as those three revolutions, we have seen a fourth, and are currently undergoing a fifth right now.
 
The fourth, in my opinion, is the World Wide Web, which has happened over the last 20 years, and is greatly changing the amount of information available to the world, along with the speed with which information can be spread and shared.
 
The fifth, and the most dangerous, in my opinion, is what I call the Privacy Revolution, and it’s happening now.
 
Now Entering the Privacy Revolution
 
Consider this. In 2010, Eric Schmidt, then-CEO of Google is quoted as saying “We know where you are. We know where you've been. We can more or less know what you're thinking about.” Also in 2010, Schmidt stated “Between the birth of the world and 2003, there were five exabytes of information created. We [now] create five exabytes every two days.” Now, obviously, that amount of data includes regurgitating the same information in a great many different languages, but it is still a startling statistic.
 
I’m not suggesting for an instant that Google is doing anything untoward. It is just a natural consequence of the Web.
 
A real-world example of how this impacts us in everyday life is that in 2010, I was checking out of a hotel in London, and the bank denied my credit card. I had to call the bank in the U.S., and work my way through the automated attendants to talk to a human. The human asked if I had told them I would be traveling, and I said “No. I didn’t know I had to.” (I wanted to say “No, mom,” but discretion got the better of me). I was told I would have to speak to the fraud department to get my card released.
 
To cut a long story short, I did, and they released the block on my card, but the scary part was that as part of its vetting process, the fraud department process said, “And now, sir, just a couple of questions compiled from publically available information. What age range would best describe this person… twenty to twenty-five, twenty-five to thirty, thirty to thirty-five?,”, and then they spoke the name of one of my daughters-in-law. The alarming thing was that they used, not her married name, but her maiden name, which she had not used for ten years!
 
I well understand that such information could be gleaned by searching the web for a while, but the terrifying thing is that this information was at the bank’s fingertips.
 
I have since discovered that this is a service, offered by very legitimate businesses, to banks and other customers that need it, and was all completely aboveboard, but it was deeply disturbing at the time.
 
Now consider this. Facebook has more than 800 million users, and by its own count, more than 1 million developers building apps for them. No one really knows who the developers are, or what their motivations are, but intuitively, I am confident that not all million of them have sweetness and light in their hearts, despite Facebook’s best and strenuous efforts to react when something is known to be offensive.
 
Every app requests access to your profile and your contacts, and to be blunt, we have no idea what they are doing with the data.
 
This is the Privacy Revolution.
 
Large numbers of unknown entities pretty much know who we are, and what we are interested in.
 
Cyber Warfare Defines the Current Age
 
The reason that this is so dangerous is that last year saw the birth of a new age of malicious code, and that is the age of cyber war. Actually, it has been going on for a few years now, but the event that we have all noticed was the release and subsequent detection of Stuxnet, which was seemingly designed to interfere with the functioning of nuclear reactors.
 
This is the first time that software could definitely be shown to damage hardware, and if anyone thinks it cannot happen in the U.S., I would draw their attention to the recent damage of the water pumping system at one U.S. municipality, and the subsequent publishing of control panels of a different municipalities system, which were allegedly connected to the Internet.
 
The Convergence of Cyber War and Privacy
 
It is well understood that if you want to target a given entity in any discipline, you need to understand them first. You have to know their strengths and weaknesses to best shape your attack.
 
This, then, is exactly the reason that I believe we are poised to enter a new and terribly dangerous era. We have a cyber war age converging with a privacy revolution. People have the ability to hurt us and our infrastructure, and they have an increasing amount of information about us, to help them do it.
 
Unfortunately, it is also a time when many of our best and brightest minds are spending most of their efforts trying to figure out how to make us click on a given advertisement. It would be kind of nice if they saw the world a little differently, and tried to help us secure it instead.
 
 
Roger Thompson describes himself as a “First-Generation Anti-Virus Guy,” who now works as ICSA Labs’ first-ever chief emerging threat researcher.

Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.